package com.zcc.lesson02;

import com.zcc.lesson02.utils.JDBCUtils;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;

public class SQLInsert {
    public static void main(String[] args) {
        //常规登录方式，接受到请求的用户名和密码，然后调用方法去数据库查询比对
        login("zcc","123456");
        //sql注入，给请求发送过去的值拼接一个sql判断语句，实现条件一定成立的语句
        login(" 'or' 1=1","123456");
    }
    public static void login(String username, String password) {
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;

        try {
            conn= JDBCUtils.getConnection();
            stmt = conn.createStatement();

            String sql = "select * from users where name = '" + username + "' and password = '" + password + "'";
            rs = stmt.executeQuery(sql);
            while (rs.next()) {
                System.out.println("id="+rs.getInt("id")
                +", name="+rs.getString("name")
                +", password="+rs.getString("password")
                +", email="+rs.getString("email")
                +", birthday="+rs.getString("birthday"));
            }
        }catch (Exception e){
            e.printStackTrace();
        }finally {
            JDBCUtils.release(conn,stmt,rs);
        }
    }
}
